prompt-complexity-scorer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill generates and suggests shell commands (`mkdir -p projects/${DATE}-<suggested-name>/tasks` and `echo "..." > .claude-active-project`) where the `<suggested-name>` is derived from the user's prompt. While the instructions specify 'kebab-case', there is no explicit sanitization step. If the agent generates a name containing shell metacharacters (e.g., `;`, `&`, `|`), it could lead to arbitrary command execution on the host system.
- [PROMPT_INJECTION] (LOW): The skill creates a `brief.md` file containing the 'User's exact prompt/request'. This creates an indirect prompt injection surface (Category 8).
  - Ingestion point: User prompt interpolated into the `brief.md` template.
  - Boundary markers: None. The prompt is placed directly under a markdown header.
  - Capability inventory: The agent can execute shell commands and create files.
  - Sanitization: None. The instructions explicitly ask for the 'exact prompt'. A malicious user could include instructions in their prompt that are later executed or obeyed by the agent when it reads the project's `brief.md` or during the `/project:bootstrap` phase.
Audit Metadata